
Thread: LDAP replica not working and is out of sync

  1. #1

    Hello,

    We have a two-server setup which started to have some LDAP replica sync problems.
    The two servers were recently upgraded to ZCS 7.1.2 and the self-signed certificates were renewed using the admin console for all services.

    After a few days we noticed that the LDAP replica is not in sync with the master and is generating the following in the zimbra.log:

    Sep 29 00:21:47 zcs-mta slapd[4242]: @(#) $OpenLDAP: slapd 2.4.25 (Jul 6 2011 13:32:14) $ ^Iroot@zre-ubuntu10-64:/home/build/p4/HELIX/ThirdParty/openldap/openldap-2.4.25.4z/servers/slapd
    Sep 29 00:21:48 zcs-mta slapd[4243]: slapd starting
    Sep 29 00:21:48 zcs-mta slapd[4243]: slap_client_connect: URI=ldap://enterprisemail.vps-host.net:389 Error, ldap_start_tls failed (-11)
    Sep 29 00:21:48 zcs-mta slapd[4243]: do_syncrepl: rid=100 rc -11 retrying

    Here is what I already tried:

    1. resync replica with master data and restart it using these steps:
    LDAP data import export - Zimbra :: Wiki

    2. checked ldapsearch from replica to query the master which is working fine using TLS:
    zimbra@zcs-mta:~$ ldapsearch -ZZ -x -H ldap://<masterldap>:389/ -D "uid=zimbra,cn=admins,cn=zimbra" -b "" -s base -W +

    3. checked the ca.pem on both master and replica; both are self-signed certs and not outdated.

    4. tried copying the ca.key and ca.pem from the master to the replica and re-creating the links with c_rehash, but still no go.


    Any ideas are much appreciated.
    Thank you.

  2. #2

    The only solution we have for now on this from Zimbra support is to disable TLS from replica to master.
    This got LDAP replication working.

    Edit /opt/zimbra/data/ldap/config/cn\=config/olcDatabase\=\{2\}hdb.ldif

    Find: "olcSyncrepl:"

    Change:
    from:
    credentials=rGMzwLka starttls=critical filter="(objectclass=*)"
    to:
    credentials=rGMzwLka filter="(objectclass=*)"
    and restart ldap.

  3. #3

    Official instructions to turn off TLS

    Originally posted by emarton:
    The only solution we have for now on this from Zimbra support is to disable TLS from replica to master.
    This got LDAP replication working.

    Edit /opt/zimbra/data/ldap/config/cn\=config/olcDatabase\=\{2\}hdb.ldif

    Find: "olcSyncrepl:"

    Change:
    from:
    credentials=rGMzwLka starttls=critical filter="(objectclass=*)"
    to:
    credentials=rGMzwLka filter="(objectclass=*)"
    and restart ldap.

    Thanks a lot for posting your solution, it's also working for us. When we made the change in olcDatabase={2}hdb.ldif we got another error. After some research, you can now turn TLS off with a nice command:
    Code:
    /opt/zimbra/libexec/zmldapreplicatool -t off
    Check the official documentation for more information: Turning off starttls for replication - Zimbra :: Wiki. Besides, it looks like our password in olcDatabase={2}hdb.ldif was wrongly defined too.
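
Added example (not part of the thread and not Zimbra's own tooling): with `starttls=critical` removed from `olcSyncrepl` and an `ldap://` provider, the replica's bind and the replicated data travel unencrypted, so this Python checker parses the attribute from a cn=config LDIF and reports the transport protection of each replication agreement. The sample LDIF, hostname, bind DN and credentials placeholder are constructed, and the status labels are this example's own.

```python
import base64
import re
import shlex

# Constructed sample of a folded olcSyncrepl attribute (hostname, DN and
# password are placeholders, not values from the thread).
SAMPLE_LDIF = """\
dn: olcDatabase={2}hdb
olcSyncrepl: {0}rid=100 provider=ldap://master.example.test:389 bindmethod=s
 imple binddn="uid=zmreplica,cn=admins,cn=zimbra" credentials=PLACEHOLDER fi
 lter="(objectclass=*)" searchbase="" type=refreshAndPersist retry="60 +"
"""

def syncrepl_values(ldif_text):
    """Unfold LDIF continuation lines and yield each olcSyncrepl value."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        m = re.match(r"(?i)olcSyncrepl(::?)\s*(.*)", line)
        if m:
            value = m.group(2)
            if m.group(1) == "::":           # base64-encoded LDIF value
                value = base64.b64decode(value).decode("utf-8")
            yield value

def parse_syncrepl(value):
    """Split 'key=value key="quoted value"' pairs into a dict."""
    value = re.sub(r"^\{\d+\}", "", value)    # drop the {0} ordering prefix
    pairs = (tok.split("=", 1) for tok in shlex.split(value) if "=" in tok)
    return {k.lower(): v for k, v in pairs}

def transport_status(cfg):
    """Classify how the replica's connection to the provider is protected."""
    provider = cfg.get("provider", "").lower()
    starttls = cfg.get("starttls", "").lower()
    if provider.startswith("ldaps://"):
        return "tls"                         # TLS from the first byte
    if starttls == "critical":
        return "starttls-critical"           # session aborts if StartTLS fails
    if starttls == "yes":
        return "starttls-optional"           # continues without TLS on failure
    return "cleartext"                       # bind and data unencrypted

def audit(ldif_text):
    return [(c.get("rid"), c.get("provider"), transport_status(c))
            for c in map(parse_syncrepl, syncrepl_values(ldif_text))]

if __name__ == "__main__":
    for rid, provider, status in audit(SAMPLE_LDIF):
        print(f"rid={rid} provider={provider} transport={status}")
```

To use it on a real replica, pass the contents of the `olcDatabase={2}hdb.ldif` file named in the posts to `audit()`.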
